apiVersion: v1
kind: Pod
metadata:
  name: nginx-forbidden-sysctls-disallowed
  namespace: testns
  labels:
    app: nginx-forbidden-sysctls
spec:
  containers:
    - name: nginx
      image: nginx
  securityContext:
    sysctls:
      - name: net.ipv4.ip_local_port_range
        value: "1024 65535"
      - name: net.ipv4.ip_unprivileged_port_start
        value: "30000"
